wasmi: initial integration #12665

Open
wants to merge 5 commits into
base: master

Robbepop commented Oct 30, 2024

This proposes to add the Wasmi project to OSS-fuzz.

Wasmi is an efficient WebAssembly interpreter especially suited for embedded environments similar to Wasm3.
It has over 7M downloads on crates.io, a Rust and C API, and is used as a security-critical component in several big projects, especially in the blockchain industry. Recently Wasmi has been added as a backend by the Wasmer project, which is also registered in OSS-fuzz.

2 audits have been conducted for Wasmi so far which (amongst others) concluded that Wasmi ideally should be registered to the OSS-fuzz project if possible.

Unfortunately I could not test the Dockerfile and shell script locally due to this issue: #10967
(I am open to suggestions on how to fix the local test setup.)


This adds the 3 fuzzing targets provided by the Wasmi project, translate, execute and differential.
The setup is very simple since it mostly uses the recommended cargo-fuzz.


Robbepop is integrating a new project:
- Main repo: https://github.com/wasmi-labs/wasmi
- Criticality score: 0.58153

Robbepop changed the title from "Add Wasmi project" to "wasmi: initial integration" on Oct 30, 2024

Robbepop (Author) commented Nov 8, 2024

It is a bit painful for me not to be able to debug locally.
At least the Presubmit checks/build job now succeeds.

I've been looking into the failed Project tests/build job and saw the following:

+ cargo fuzz build execute --release --debug-assertions
    Finished `dev` profile [unoptimized + debuginfo] target(s) in 0.06s
+ cargo fuzz build differential --release --debug-assertions --features=differential
    Finished `dev` profile [unoptimized + debuginfo] target(s) in 0.05s

So we explicitly build for the release profile, but cargo outputs that it succeeds building for the dev profile. This is very confusing to me right now as I cannot reproduce it locally and it does not happen in the aforementioned job.

This is also why the following cp command fails because it looks up the executable files under the release directory instead of the debug directory:

+ cp target/x86_64-unknown-linux-gnu/release/differential /out/
cp: cannot stat 'target/x86_64-unknown-linux-gnu/release/differential': No such file or directory

@vitorguidi do you have any clues why a dev build was built here despite the clear release settings?
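
A build-script helper that tolerates the failure mode in the log above, as an added example that is not part of the original thread or of the wasmi or OSS-Fuzz scripts. The function names `find_fuzz_target` and `copy_fuzz_target` are hypothetical; the helper assumes only that the binary lands under either the `release` or the `debug` directory of the target triple, and it does not explain why a dev build was produced.

```shell
# Added example: locate a cargo-fuzz binary whichever profile directory
# cargo actually wrote it to, and fail loudly if it is in neither.
# Function names are hypothetical, not from wasmi or OSS-Fuzz.

# Print the path of the first executable named $2 found under
# $1/release or $1/debug (release preferred); return 1 if none exists.
find_fuzz_target() {
    local triple_dir="$1"
    local name="$2"
    local profile
    for profile in release debug; do
        if [ -f "$triple_dir/$profile/$name" ] && [ -x "$triple_dir/$profile/$name" ]; then
            printf '%s\n' "$triple_dir/$profile/$name"
            return 0
        fi
    done
    return 1
}

# Copy fuzz target $2 from triple directory $1 into output directory $3.
# Logs which profile directory was used so a profile mismatch is visible
# in the CI log instead of surfacing only as a failed cp.
copy_fuzz_target() {
    local triple_dir="$1"
    local name="$2"
    local out="$3"
    local src
    if ! src=$(find_fuzz_target "$triple_dir" "$name"); then
        echo "error: fuzz target '$name' not found under $triple_dir/release or $triple_dir/debug" >&2
        return 1
    fi
    echo "copying $src -> $out/" >&2
    cp "$src" "$out/"
}
```

In a build script this would be called as `copy_fuzz_target target/x86_64-unknown-linux-gnu differential /out`, using the paths shown in the log.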

Robbepop (Author) commented

@vitorguidi hi, sorry for the bad state of this PR. I'd really love to have OSS-fuzz support for Wasmi but I cannot see a way to test the scripts locally and cannot seem to reproduce what is happening on CI with what I said in this comment. Do you have any ideas what I could do or try out?

oliverchang (Collaborator) commented Nov 18, 2024

Thank you for working on this.

Our instructions for testing locally are here: https://google.github.io/oss-fuzz/getting-started/new-project-guide/#testing-locally.

In this case, it looks like the failure is in the coverage sanitizer, so you'd likely be able to reproduce by running python3 infra/helper.py build_fuzzers --sanitizer coverage wasmi

Robbepop (Author) commented Nov 18, 2024

> Thank you for working on this.
>
> Our instructions for testing locally are here: https://google.github.io/oss-fuzz/getting-started/new-project-guide/#testing-locally.
>
> In this case, it looks like the failure is in the coverage sanitizer, so you'd likely be able to reproduce by running python3 infra/helper.py build_fuzzers --sanitizer coverage wasmi

@oliverchang Thank you for your reply. Unfortunately I cannot test the Dockerfile and shell script locally due to this issue: #10967 (I only have a MacBook M2 Pro). See my previous comment.

But I will try out that particular command and see if that works in isolation.

edit: Not working since I cannot even build the wasmi image:

- InvalidBaseImagePlatform: Base image gcr.io/oss-fuzz-base/base-builder-rust was pulled with platform "linux/amd64", expected "linux/arm64" for current build (line 17)

This is due to the linked issue with MacBook M2 Pro incompatibility.
